RFMON
RFMON is short for radio frequency monitoring mode and is sometimes also described as monitor mode or raw monitoring mode. In this mode an 802.11 wireless card is in listening mode (“sniffer” mode).
The wireless card does not have to associate to an access point or ad-hoc network but can passively listen to all traffic on the channel it is monitoring. Also, the wireless card does not require the frames to pass CRC checks and forwards all frames (corrupted
or not with 802.11 headers) to upper level protocols for processing. This can come in handy when troubleshooting protocol issues and bad hardware.
RFMON/Monitor Mode vs. Promiscuous Mode
Promiscuous mode in wired and wireless networks instructs a wired or wireless card to process any traffic regardless of the destination mac address. In wireless networks promiscuous mode requires that the wireless card be associated to an access point or
ad-hoc network. While in promiscuous mode a wireless card can transmit and receive but will only captures traffic for the network (SSID) to which it is associated.
RFMON mode is only possible for wireless cards and does not require the wireless card to be associated to a wireless network. While in monitor mode the wireless card can passively monitor traffic of all networks and devices within listening range (SSIDs,
stations, access points). In most cases the wireless card is not able to transmit and does not follow the typical 802.11 protocol when receiving traffic (i.e. transmit an 802.11 ACK for received packet).
Both modes have to be supported by the driver of the wired or wireless card.
RFMON and WLAN Discovery Tools
Kismet is probably the most widely used open source WLAN discovery tool. In addition to passively detecting access points and stations Kismet has many advance features like revealing hidden/cloaked SSIDs.
Before jumping into using Kismet you should feel comfortable with Linux and confirm that the hardware you plan to use has
drivers that support monitor mode.
If you are not Linux savvy and only have basic wireless LAN discovery requirements, you may be able to get by using tools that don’t require RFMON like
Netstumbler. Also, review the limitations of active scanning tools like
Netstumbler and alternative tools.